ReactOS  0.4.15-dev-2720-g5ee0925
eventlog.c
Go to the documentation of this file.
1 /*
2  * Win32 advapi functions
3  *
4  * Copyright 1995 Sven Verdoolaege
5  * Copyright 1998 Juergen Schmied
6  * Copyright 2003 Mike Hearn
7  * Copyright 2007 HervĂ© Poussineau
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2.1 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22  */
23 
24 /* INCLUDES ******************************************************************/
25 
26 #include <advapi32.h>
27 
28 #include <ndk/kefuncs.h>
29 #include <eventlogrpc_c.h>
30 
31 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
32 
33 static RPC_UNICODE_STRING EmptyStringU = { 0, 0, L"" };
34 static RPC_STRING EmptyStringA = { 0, 0, "" };
35 
36 
37 /* FUNCTIONS *****************************************************************/
38 
39 handle_t __RPC_USER
40 EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
41 {
42  handle_t hBinding = NULL;
43  RPC_CSTR pszStringBinding;
44  RPC_STATUS status;
45 
46  TRACE("EVENTLOG_HANDLE_A_bind() called\n");
47 
48  status = RpcStringBindingComposeA(NULL,
49  (RPC_CSTR)"ncacn_np",
50  (RPC_CSTR)UNCServerName,
51  (RPC_CSTR)"\\pipe\\EventLog",
52  NULL,
53  &pszStringBinding);
54  if (status)
55  {
56  ERR("RpcStringBindingCompose returned 0x%x\n", status);
57  return NULL;
58  }
59 
60  /* Set the binding handle that will be used to bind to the server. */
61  status = RpcBindingFromStringBindingA(pszStringBinding,
62  &hBinding);
63  if (status != RPC_S_OK)
64  {
65  ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
66  }
67 
68  status = RpcStringFreeA(&pszStringBinding);
69  if (status != RPC_S_OK)
70  {
71  ERR("RpcStringFree returned 0x%x\n", status);
72  }
73 
74  return hBinding;
75 }
76 
77 
78 void __RPC_USER
79 EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,
80  handle_t hBinding)
81 {
82  RPC_STATUS status;
83 
84  TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
85 
86  status = RpcBindingFree(&hBinding);
87  if (status != RPC_S_OK)
88  {
89  ERR("RpcBindingFree returned 0x%x\n", status);
90  }
91 }
92 
93 
94 handle_t __RPC_USER
95 EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
96 {
97  handle_t hBinding = NULL;
98  RPC_WSTR pszStringBinding;
99  RPC_STATUS status;
100 
101  TRACE("EVENTLOG_HANDLE_W_bind() called\n");
102 
103  status = RpcStringBindingComposeW(NULL,
104  L"ncacn_np",
105  UNCServerName,
106  L"\\pipe\\EventLog",
107  NULL,
108  &pszStringBinding);
109  if (status != RPC_S_OK)
110  {
111  ERR("RpcStringBindingCompose returned 0x%x\n", status);
112  return NULL;
113  }
114 
115  /* Set the binding handle that will be used to bind to the server. */
116  status = RpcBindingFromStringBindingW(pszStringBinding,
117  &hBinding);
118  if (status != RPC_S_OK)
119  {
120  ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
121  }
122 
123  status = RpcStringFreeW(&pszStringBinding);
124  if (status != RPC_S_OK)
125  {
126  ERR("RpcStringFree returned 0x%x\n", status);
127  }
128 
129  return hBinding;
130 }
131 
132 
133 void __RPC_USER
134 EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,
135  handle_t hBinding)
136 {
137  RPC_STATUS status;
138 
139  TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
140 
141  status = RpcBindingFree(&hBinding);
142  if (status != RPC_S_OK)
143  {
144  ERR("RpcBindingFree returned 0x%x\n", status);
145  }
146 }
147 
148 
149 /******************************************************************************
150  * BackupEventLogA [ADVAPI32.@]
151  */
152 NTSTATUS
153 NTAPI
154 ElfBackupEventLogFileA(IN HANDLE hEventLog,
155  IN PANSI_STRING BackupFileNameA)
156 {
157  NTSTATUS Status;
158 
159  if (!BackupFileNameA || (BackupFileNameA->Length == 0))
160  return STATUS_INVALID_PARAMETER;
161 
162  RpcTryExcept
163  {
164  Status = ElfrBackupELFA(hEventLog,
165  (PRPC_STRING)BackupFileNameA);
166  }
167  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
168  {
169  Status = I_RpcMapWin32Status(RpcExceptionCode());
170  }
171  RpcEndExcept;
172 
173  return Status;
174 }
175 
176 BOOL WINAPI
177 BackupEventLogA(IN HANDLE hEventLog,
178  IN LPCSTR lpBackupFileName)
179 {
180  BOOL Success;
181  NTSTATUS Status;
182  ANSI_STRING BackupFileNameA;
183  UNICODE_STRING BackupFileNameW;
184 
185  TRACE("%p, %s\n", hEventLog, lpBackupFileName);
186 
187  if (lpBackupFileName == NULL)
188  {
189  SetLastError(ERROR_INVALID_PARAMETER);
190  return FALSE;
191  }
192 
193  RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
194 
195  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
196  &BackupFileNameA,
197  TRUE);
198  if (!NT_SUCCESS(Status))
199  {
200  SetLastError(RtlNtStatusToDosError(Status));
201  return FALSE;
202  }
203 
204  Success = BackupEventLogW(hEventLog,
205  BackupFileNameW.Buffer);
206 
207  RtlFreeUnicodeString(&BackupFileNameW);
208 
209  return Success;
210 }
211 
212 
213 /******************************************************************************
214  * BackupEventLogW [ADVAPI32.@]
215  *
216  * PARAMS
217  * hEventLog []
218  * lpBackupFileName []
219  */
220 NTSTATUS
221 NTAPI
222 ElfBackupEventLogFileW(IN HANDLE hEventLog,
223  IN PUNICODE_STRING BackupFileNameU)
224 {
225  NTSTATUS Status;
226 
227  if (!BackupFileNameU || (BackupFileNameU->Length == 0))
228  return STATUS_INVALID_PARAMETER;
229 
230  RpcTryExcept
231  {
232  Status = ElfrBackupELFW(hEventLog,
233  (PRPC_UNICODE_STRING)BackupFileNameU);
234  }
235  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
236  {
237  Status = I_RpcMapWin32Status(RpcExceptionCode());
238  }
239  RpcEndExcept;
240 
241  return Status;
242 }
243 
244 BOOL WINAPI
245 BackupEventLogW(IN HANDLE hEventLog,
246  IN LPCWSTR lpBackupFileName)
247 {
248  NTSTATUS Status;
249  UNICODE_STRING BackupFileName;
250 
251  TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
252 
253  if (lpBackupFileName == NULL)
254  {
255  SetLastError(ERROR_INVALID_PARAMETER);
256  return FALSE;
257  }
258 
259  if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
260  NULL, NULL))
261  {
262  SetLastError(ERROR_INVALID_PARAMETER);
263  return FALSE;
264  }
265 
266  Status = ElfBackupEventLogFileW(hEventLog, &BackupFileName);
267 
268  RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
269 
270  if (!NT_SUCCESS(Status))
271  {
272  SetLastError(RtlNtStatusToDosError(Status));
273  return FALSE;
274  }
275 
276  return TRUE;
277 }
278 
279 
280 /******************************************************************************
281  * ClearEventLogA [ADVAPI32.@]
282  */
283 NTSTATUS
284 NTAPI
285 ElfClearEventLogFileA(IN HANDLE hEventLog,
286  IN PANSI_STRING BackupFileNameA)
287 {
288  NTSTATUS Status;
289 
290  RpcTryExcept
291  {
292  Status = ElfrClearELFA(hEventLog,
293  (PRPC_STRING)BackupFileNameA);
294  }
295  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
296  {
297  Status = I_RpcMapWin32Status(RpcExceptionCode());
298  }
299  RpcEndExcept;
300 
301  return Status;
302 }
303 
304 BOOL WINAPI
305 ClearEventLogA(IN HANDLE hEventLog,
306  IN LPCSTR lpBackupFileName)
307 {
308  BOOL Success;
309  NTSTATUS Status;
310  ANSI_STRING BackupFileNameA;
311  UNICODE_STRING BackupFileNameW;
312 
313  TRACE("%p, %s\n", hEventLog, lpBackupFileName);
314 
315  if (lpBackupFileName == NULL)
316  {
317  RtlInitUnicodeString(&BackupFileNameW, NULL);
318  }
319  else
320  {
321  RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
322 
323  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
324  &BackupFileNameA,
325  TRUE);
326  if (!NT_SUCCESS(Status))
327  {
328  SetLastError(RtlNtStatusToDosError(Status));
329  return FALSE;
330  }
331  }
332 
333  Success = ClearEventLogW(hEventLog,
334  BackupFileNameW.Buffer);
335 
336  RtlFreeUnicodeString(&BackupFileNameW);
337 
338  return Success;
339 }
340 
341 
342 /******************************************************************************
343  * ClearEventLogW [ADVAPI32.@]
344  */
345 NTSTATUS
346 NTAPI
347 ElfClearEventLogFileW(IN HANDLE hEventLog,
348  IN PUNICODE_STRING BackupFileNameU)
349 {
350  NTSTATUS Status;
351 
352  RpcTryExcept
353  {
354  Status = ElfrClearELFW(hEventLog,
355  (PRPC_UNICODE_STRING)BackupFileNameU);
356  }
357  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
358  {
359  Status = I_RpcMapWin32Status(RpcExceptionCode());
360  }
361  RpcEndExcept;
362 
363  return Status;
364 }
365 
366 BOOL WINAPI
367 ClearEventLogW(IN HANDLE hEventLog,
368  IN LPCWSTR lpBackupFileName)
369 {
370  NTSTATUS Status;
371  UNICODE_STRING BackupFileName;
372 
373  TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
374 
375  if (lpBackupFileName == NULL)
376  {
377  RtlInitUnicodeString(&BackupFileName, NULL);
378  }
379  else
380  {
381  if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
382  NULL, NULL))
383  {
384  SetLastError(ERROR_INVALID_PARAMETER);
385  return FALSE;
386  }
387  }
388 
389  Status = ElfClearEventLogFileW(hEventLog, &BackupFileName);
390 
391  if (lpBackupFileName != NULL)
392  RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
393 
394  if (!NT_SUCCESS(Status))
395  {
396  SetLastError(RtlNtStatusToDosError(Status));
397  return FALSE;
398  }
399 
400  return TRUE;
401 }
402 
403 
404 /******************************************************************************
405  * CloseEventLog [ADVAPI32.@]
406  */
407 NTSTATUS
408 NTAPI
409 ElfCloseEventLog(IN HANDLE hEventLog)
410 {
411  NTSTATUS Status;
412 
413  RpcTryExcept
414  {
415  Status = ElfrCloseEL(&hEventLog);
416  }
417  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
418  {
419  Status = I_RpcMapWin32Status(RpcExceptionCode());
420  }
421  RpcEndExcept;
422 
423  return Status;
424 }
425 
426 BOOL WINAPI
427 CloseEventLog(IN HANDLE hEventLog)
428 {
429  NTSTATUS Status;
430 
431  TRACE("%p\n", hEventLog);
432 
433  Status = ElfCloseEventLog(hEventLog);
434  if (!NT_SUCCESS(Status))
435  {
436  SetLastError(RtlNtStatusToDosError(Status));
437  return FALSE;
438  }
439 
440  return TRUE;
441 }
442 
443 
444 /******************************************************************************
445  * DeregisterEventSource [ADVAPI32.@]
446  * Closes a handle to the specified event log
447  *
448  * PARAMS
449  * hEventLog [I] Handle to event log
450  *
451  * RETURNS STD
452  */
453 NTSTATUS
454 NTAPI
455 ElfDeregisterEventSource(IN HANDLE hEventLog)
456 {
457  NTSTATUS Status;
458 
459  RpcTryExcept
460  {
461  Status = ElfrDeregisterEventSource(&hEventLog);
462  }
463  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
464  {
465  Status = I_RpcMapWin32Status(RpcExceptionCode());
466  }
467  RpcEndExcept;
468 
469  return Status;
470 }
471 
472 BOOL WINAPI
473 DeregisterEventSource(IN HANDLE hEventLog)
474 {
475  NTSTATUS Status;
476 
477  TRACE("%p\n", hEventLog);
478 
479  Status = ElfDeregisterEventSource(hEventLog);
480  if (!NT_SUCCESS(Status))
481  {
482  SetLastError(RtlNtStatusToDosError(Status));
483  return FALSE;
484  }
485 
486  return TRUE;
487 }
488 
489 
490 /******************************************************************************
491  * GetEventLogInformation [ADVAPI32.@]
492  *
493  * PARAMS
494  * hEventLog [I] Handle to event log
495  * dwInfoLevel [I] Level of event log information to return
496  * lpBuffer [O] Buffer that receives the event log information
497  * cbBufSize [I] Size of the lpBuffer buffer
498  * pcbBytesNeeded [O] Required buffer size
499  */
500 BOOL WINAPI
501 GetEventLogInformation(IN HANDLE hEventLog,
502  IN DWORD dwInfoLevel,
503  OUT LPVOID lpBuffer,
504  IN DWORD cbBufSize,
505  OUT LPDWORD pcbBytesNeeded)
506 {
507  NTSTATUS Status;
508 
509  if (dwInfoLevel != EVENTLOG_FULL_INFO)
510  {
511  SetLastError(ERROR_INVALID_LEVEL);
512  return FALSE;
513  }
514 
515  RpcTryExcept
516  {
517  Status = ElfrGetLogInformation(hEventLog,
518  dwInfoLevel,
519  (LPBYTE)lpBuffer,
520  cbBufSize,
521  pcbBytesNeeded);
522  }
523  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
524  {
525  Status = I_RpcMapWin32Status(RpcExceptionCode());
526  }
527  RpcEndExcept;
528 
529  if (!NT_SUCCESS(Status))
530  {
531  SetLastError(RtlNtStatusToDosError(Status));
532  return FALSE;
533  }
534 
535  return TRUE;
536 }
537 
538 
539 /******************************************************************************
540  * GetNumberOfEventLogRecords [ADVAPI32.@]
541  *
542  * PARAMS
543  * hEventLog []
544  * NumberOfRecords []
545  */
546 NTSTATUS
547 NTAPI
548 ElfNumberOfRecords(IN HANDLE hEventLog,
549  OUT PULONG NumberOfRecords)
550 {
551  NTSTATUS Status;
552 
553  if (!NumberOfRecords)
554  return STATUS_INVALID_PARAMETER;
555 
556  RpcTryExcept
557  {
558  Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
559  }
560  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
561  {
562  Status = I_RpcMapWin32Status(RpcExceptionCode());
563  }
564  RpcEndExcept;
565 
566  return Status;
567 }
568 
569 BOOL WINAPI
570 GetNumberOfEventLogRecords(IN HANDLE hEventLog,
571  OUT PDWORD NumberOfRecords)
572 {
573  NTSTATUS Status;
574 
575  TRACE("%p, %p\n", hEventLog, NumberOfRecords);
576 
577  Status = ElfNumberOfRecords(hEventLog, NumberOfRecords);
578  if (!NT_SUCCESS(Status))
579  {
580  SetLastError(RtlNtStatusToDosError(Status));
581  return FALSE;
582  }
583 
584  return TRUE;
585 }
586 
587 
588 /******************************************************************************
589  * GetOldestEventLogRecord [ADVAPI32.@]
590  *
591  * PARAMS
592  * hEventLog []
593  * OldestRecord []
594  */
595 NTSTATUS
596 NTAPI
597 ElfOldestRecord(IN HANDLE hEventLog,
598  OUT PULONG OldestRecordNumber)
599 {
600  NTSTATUS Status;
601 
602  if (!OldestRecordNumber)
603  return STATUS_INVALID_PARAMETER;
604 
605  RpcTryExcept
606  {
607  Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
608  }
609  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
610  {
611  Status = I_RpcMapWin32Status(RpcExceptionCode());
612  }
613  RpcEndExcept;
614 
615  return Status;
616 }
617 
618 BOOL WINAPI
619 GetOldestEventLogRecord(IN HANDLE hEventLog,
620  OUT PDWORD OldestRecord)
621 {
622  NTSTATUS Status;
623 
624  TRACE("%p, %p\n", hEventLog, OldestRecord);
625 
626  Status = ElfOldestRecord(hEventLog, OldestRecord);
627  if (!NT_SUCCESS(Status))
628  {
629  SetLastError(RtlNtStatusToDosError(Status));
630  return FALSE;
631  }
632 
633  return TRUE;
634 }
635 
636 
637 /******************************************************************************
638  * NotifyChangeEventLog [ADVAPI32.@]
639  *
640  * PARAMS
641  * hEventLog []
642  * hEvent []
643  */
644 NTSTATUS
645 NTAPI
646 ElfChangeNotify(IN HANDLE hEventLog,
647  IN HANDLE hEvent)
648 {
649  NTSTATUS Status;
650  CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
651  RPC_CLIENT_ID RpcClientId;
652 
653  RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
654  RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
655 
656  RpcTryExcept
657  {
658  Status = ElfrChangeNotify(hEventLog, RpcClientId, HandleToUlong(hEvent));
659  }
660  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
661  {
662  Status = I_RpcMapWin32Status(RpcExceptionCode());
663  }
664  RpcEndExcept;
665 
666  return Status;
667 }
668 
669 BOOL WINAPI
670 NotifyChangeEventLog(IN HANDLE hEventLog,
671  IN HANDLE hEvent)
672 {
673  NTSTATUS Status;
674 
675  TRACE("%p, %p\n", hEventLog, hEvent);
676 
677  Status = ElfChangeNotify(hEventLog, hEvent);
678  if (!NT_SUCCESS(Status))
679  {
680  SetLastError(RtlNtStatusToDosError(Status));
681  return FALSE;
682  }
683 
684  return TRUE;
685 }
686 
687 
688 /******************************************************************************
689  * OpenBackupEventLogA [ADVAPI32.@]
690  */
691 NTSTATUS
692 NTAPI
693 ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,
694  IN PANSI_STRING BackupFileNameA,
695  OUT PHANDLE phEventLog)
696 {
697  NTSTATUS Status;
698  PSTR pUNCServerName = NULL;
699 
700  if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
701  return STATUS_INVALID_PARAMETER;
702 
703  if (UNCServerNameA && (UNCServerNameA->Length != 0))
704  pUNCServerName = UNCServerNameA->Buffer;
705 
706  *phEventLog = NULL;
707 
708  RpcTryExcept
709  {
710  Status = ElfrOpenBELA(pUNCServerName,
711  (PRPC_STRING)BackupFileNameA,
712  1, 1,
713  (IELF_HANDLE*)phEventLog);
714  }
715  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
716  {
717  Status = I_RpcMapWin32Status(RpcExceptionCode());
718  }
719  RpcEndExcept;
720 
721  return Status;
722 }
723 
724 HANDLE WINAPI
725 OpenBackupEventLogA(IN LPCSTR lpUNCServerName,
726  IN LPCSTR lpFileName)
727 {
728  NTSTATUS Status;
729  HANDLE LogHandle;
730  ANSI_STRING UNCServerNameA;
731  UNICODE_STRING UNCServerNameW;
732  ANSI_STRING FileNameA;
733  UNICODE_STRING FileNameW;
734 
735  TRACE("%s, %s\n", lpUNCServerName, lpFileName);
736 
737  /* Convert the server name to unicode */
738  if (lpUNCServerName == NULL)
739  {
740  RtlInitUnicodeString(&UNCServerNameW, NULL);
741  }
742  else
743  {
744  RtlInitAnsiString(&UNCServerNameA, lpUNCServerName);
745 
746  Status = RtlAnsiStringToUnicodeString(&UNCServerNameW,
747  &UNCServerNameA,
748  TRUE);
749  if (!NT_SUCCESS(Status))
750  {
751  SetLastError(RtlNtStatusToDosError(Status));
752  return NULL;
753  }
754  }
755 
756  /* Convert the file name to unicode */
757  if (lpFileName == NULL)
758  {
759  RtlInitUnicodeString(&FileNameW, NULL);
760  }
761  else
762  {
763  RtlInitAnsiString(&FileNameA, lpFileName);
764 
765  Status = RtlAnsiStringToUnicodeString(&FileNameW,
766  &FileNameA,
767  TRUE);
768  if (!NT_SUCCESS(Status))
769  {
770  RtlFreeUnicodeString(&UNCServerNameW);
771  SetLastError(RtlNtStatusToDosError(Status));
772  return NULL;
773  }
774  }
775 
776  /* Call the unicode function */
777  LogHandle = OpenBackupEventLogW(UNCServerNameW.Buffer,
778  FileNameW.Buffer);
779 
780  /* Free the unicode strings */
781  RtlFreeUnicodeString(&UNCServerNameW);
782  RtlFreeUnicodeString(&FileNameW);
783 
784  return LogHandle;
785 }
786 
787 
788 /******************************************************************************
789  * OpenBackupEventLogW [ADVAPI32.@]
790  *
791  * PARAMS
792  * lpUNCServerName []
793  * lpFileName []
794  */
795 NTSTATUS
796 NTAPI
797 ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,
798  IN PUNICODE_STRING BackupFileNameU,
799  OUT PHANDLE phEventLog)
800 {
801  NTSTATUS Status;
802  PWSTR pUNCServerName = NULL;
803 
804  if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
805  return STATUS_INVALID_PARAMETER;
806 
807  if (UNCServerNameU && (UNCServerNameU->Length != 0))
808  pUNCServerName = UNCServerNameU->Buffer;
809 
810  *phEventLog = NULL;
811 
812  RpcTryExcept
813  {
814  Status = ElfrOpenBELW(pUNCServerName,
815  (PRPC_UNICODE_STRING)BackupFileNameU,
816  1,
817  1,
818  (IELF_HANDLE*)phEventLog);
819  }
820  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
821  {
822  Status = I_RpcMapWin32Status(RpcExceptionCode());
823  }
824  RpcEndExcept;
825 
826  return Status;
827 }
828 
829 HANDLE WINAPI
830 OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,
831  IN LPCWSTR lpFileName)
832 {
833  NTSTATUS Status;
834  HANDLE hEventLog;
835  UNICODE_STRING UNCServerName, FileName;
836 
837  TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpFileName));
838 
839  if (lpFileName == NULL)
840  {
841  SetLastError(ERROR_INVALID_PARAMETER);
842  return NULL;
843  }
844 
845  if (!RtlDosPathNameToNtPathName_U(lpFileName, &FileName,
846  NULL, NULL))
847  {
848  SetLastError(ERROR_INVALID_PARAMETER);
849  return NULL;
850  }
851 
852  RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
853 
854  Status = ElfOpenBackupEventLogW(&UNCServerName, &FileName, &hEventLog);
855 
856  if (FileName.Buffer != NULL)
857  RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
858 
859  if (!NT_SUCCESS(Status))
860  {
861  SetLastError(RtlNtStatusToDosError(Status));
862  return NULL;
863  }
864 
865  return hEventLog;
866 }
867 
868 
869 /******************************************************************************
870  * OpenEventLogA [ADVAPI32.@]
871  *
872  * Opens a handle to the specified event log.
873  *
874  * PARAMS
875  * lpUNCServerName [I] UNC name of the server on which the event log is
876  * opened.
877  * lpSourceName [I] Name of the log.
878  *
879  * RETURNS
880  * Success: Handle to an event log.
881  * Failure: NULL
882  */
883 NTSTATUS
884 NTAPI
885 ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,
886  IN PANSI_STRING SourceNameA,
887  OUT PHANDLE phEventLog)
888 {
889  NTSTATUS Status;
890  PSTR pUNCServerName = NULL;
891 
892  if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
893  return STATUS_INVALID_PARAMETER;
894 
895  if (UNCServerNameA && (UNCServerNameA->Length != 0))
896  pUNCServerName = UNCServerNameA->Buffer;
897 
898  *phEventLog = NULL;
899 
900  RpcTryExcept
901  {
902  Status = ElfrOpenELA(pUNCServerName,
903  (PRPC_STRING)SourceNameA,
904  &EmptyStringA,
905  1,
906  1,
907  (IELF_HANDLE*)phEventLog);
908  }
909  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
910  {
911  Status = I_RpcMapWin32Status(RpcExceptionCode());
912  }
913  RpcEndExcept;
914 
915  return Status;
916 }
917 
918 HANDLE WINAPI
919 OpenEventLogA(IN LPCSTR lpUNCServerName,
920  IN LPCSTR lpSourceName)
921 {
922  NTSTATUS Status;
923  HANDLE hEventLog;
924  ANSI_STRING UNCServerName, SourceName;
925 
926  TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
927 
928  RtlInitAnsiString(&UNCServerName, lpUNCServerName);
929  RtlInitAnsiString(&SourceName, lpSourceName);
930 
931  Status = ElfOpenEventLogA(&UNCServerName, &SourceName, &hEventLog);
932  if (!NT_SUCCESS(Status))
933  {
934  SetLastError(RtlNtStatusToDosError(Status));
935  return NULL;
936  }
937 
938  return hEventLog;
939 }
940 
941 
942 /******************************************************************************
943  * OpenEventLogW [ADVAPI32.@]
944  *
945  * PARAMS
946  * lpUNCServerName []
947  * lpSourceName []
948  */
949 NTSTATUS
950 NTAPI
951 ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,
952  IN PUNICODE_STRING SourceNameU,
953  OUT PHANDLE phEventLog)
954 {
955  NTSTATUS Status;
956  PWSTR pUNCServerName = NULL;
957 
958  if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
959  return STATUS_INVALID_PARAMETER;
960 
961  if (UNCServerNameU && (UNCServerNameU->Length != 0))
962  pUNCServerName = UNCServerNameU->Buffer;
963 
964  *phEventLog = NULL;
965 
966  RpcTryExcept
967  {
968  Status = ElfrOpenELW(pUNCServerName,
969  (PRPC_UNICODE_STRING)SourceNameU,
970  &EmptyStringU,
971  1,
972  1,
973  (IELF_HANDLE*)phEventLog);
974  }
975  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
976  {
977  Status = I_RpcMapWin32Status(RpcExceptionCode());
978  }
979  RpcEndExcept;
980 
981  return Status;
982 }
983 
984 HANDLE WINAPI
985 OpenEventLogW(IN LPCWSTR lpUNCServerName,
986  IN LPCWSTR lpSourceName)
987 {
988  NTSTATUS Status;
989  HANDLE hEventLog;
990  UNICODE_STRING UNCServerName, SourceName;
991 
992  TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
993 
994  RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
995  RtlInitUnicodeString(&SourceName, lpSourceName);
996 
997  Status = ElfOpenEventLogW(&UNCServerName, &SourceName, &hEventLog);
998  if (!NT_SUCCESS(Status))
999  {
1000  SetLastError(RtlNtStatusToDosError(Status));
1001  return NULL;
1002  }
1003 
1004  return hEventLog;
1005 }
1006 
1007 
1008 /******************************************************************************
1009  * ReadEventLogA [ADVAPI32.@]
1010  */
1011 NTSTATUS
1012 NTAPI
1013 ElfReadEventLogA(IN HANDLE hEventLog,
1014  IN ULONG ReadFlags,
1015  IN ULONG RecordOffset,
1016  OUT LPVOID Buffer,
1017  IN ULONG NumberOfBytesToRead,
1018  OUT PULONG NumberOfBytesRead,
1019  OUT PULONG MinNumberOfBytesNeeded)
1020 {
1021  NTSTATUS Status;
1022  ULONG Flags;
1023 
1024  if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1025  {
1026  return STATUS_INVALID_PARAMETER;
1027  }
1028 
1029  Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1030  if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1031  {
1032  return STATUS_INVALID_PARAMETER;
1033  }
1034 
1035  Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1036  if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1037  {
1038  return STATUS_INVALID_PARAMETER;
1039  }
1040 
1041  RpcTryExcept
1042  {
1043  Status = ElfrReadELA(hEventLog,
1044  ReadFlags,
1045  RecordOffset,
1046  NumberOfBytesToRead,
1047  Buffer,
1048  NumberOfBytesRead,
1049  MinNumberOfBytesNeeded);
1050  }
1051  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1052  {
1053  Status = I_RpcMapWin32Status(RpcExceptionCode());
1054  }
1055  RpcEndExcept;
1056 
1057  return Status;
1058 }
1059 
1060 BOOL WINAPI
1061 ReadEventLogA(IN HANDLE hEventLog,
1062  IN DWORD dwReadFlags,
1063  IN DWORD dwRecordOffset,
1064  OUT LPVOID lpBuffer,
1065  IN DWORD nNumberOfBytesToRead,
1066  OUT DWORD *pnBytesRead,
1067  OUT DWORD *pnMinNumberOfBytesNeeded)
1068 {
1069  NTSTATUS Status;
1070 
1071  TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1072  hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1073  nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1074 
1075  Status = ElfReadEventLogA(hEventLog,
1076  dwReadFlags,
1077  dwRecordOffset,
1078  lpBuffer,
1079  nNumberOfBytesToRead,
1080  pnBytesRead,
1081  pnMinNumberOfBytesNeeded);
1082  if (!NT_SUCCESS(Status))
1083  {
1084  SetLastError(RtlNtStatusToDosError(Status));
1085  return FALSE;
1086  }
1087 
1088  return TRUE;
1089 }
1090 
1091 
1092 /******************************************************************************
1093  * ReadEventLogW [ADVAPI32.@]
1094  *
1095  * PARAMS
1096  * hEventLog []
1097  * dwReadFlags []
1098  * dwRecordOffset []
1099  * lpBuffer []
1100  * nNumberOfBytesToRead []
1101  * pnBytesRead []
1102  * pnMinNumberOfBytesNeeded []
1103  */
1104 NTSTATUS
1105 NTAPI
1106 ElfReadEventLogW(IN HANDLE hEventLog,
1107  IN ULONG ReadFlags,
1108  IN ULONG RecordOffset,
1109  OUT LPVOID Buffer,
1110  IN ULONG NumberOfBytesToRead,
1111  OUT PULONG NumberOfBytesRead,
1112  OUT PULONG MinNumberOfBytesNeeded)
1113 {
1114  NTSTATUS Status;
1115  ULONG Flags;
1116 
1117  if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1118  {
1119  return STATUS_INVALID_PARAMETER;
1120  }
1121 
1122  Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1123  if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1124  {
1125  return STATUS_INVALID_PARAMETER;
1126  }
1127 
1128  Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1129  if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1130  {
1131  return STATUS_INVALID_PARAMETER;
1132  }
1133 
1134  RpcTryExcept
1135  {
1136  Status = ElfrReadELW(hEventLog,
1137  ReadFlags,
1138  RecordOffset,
1139  NumberOfBytesToRead,
1140  Buffer,
1141  NumberOfBytesRead,
1142  MinNumberOfBytesNeeded);
1143  }
1144  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1145  {
1146  Status = I_RpcMapWin32Status(RpcExceptionCode());
1147  }
1148  RpcEndExcept;
1149 
1150  return Status;
1151 }
1152 
1153 BOOL WINAPI
1154 ReadEventLogW(IN HANDLE hEventLog,
1155  IN DWORD dwReadFlags,
1156  IN DWORD dwRecordOffset,
1157  OUT LPVOID lpBuffer,
1158  IN DWORD nNumberOfBytesToRead,
1159  OUT DWORD *pnBytesRead,
1160  OUT DWORD *pnMinNumberOfBytesNeeded)
1161 {
1162  NTSTATUS Status;
1163 
1164  TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1165  hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1166  nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1167 
1168  Status = ElfReadEventLogW(hEventLog,
1169  dwReadFlags,
1170  dwRecordOffset,
1171  lpBuffer,
1172  nNumberOfBytesToRead,
1173  pnBytesRead,
1174  pnMinNumberOfBytesNeeded);
1175  if (!NT_SUCCESS(Status))
1176  {
1177  SetLastError(RtlNtStatusToDosError(Status));
1178  return FALSE;
1179  }
1180 
1181  return TRUE;
1182 }
1183 
1184 
1185 /******************************************************************************
1186  * RegisterEventSourceA [ADVAPI32.@]
1187  */
1188 NTSTATUS
1189 NTAPI
1190 ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,
1191  IN PANSI_STRING SourceNameA,
1192  OUT PHANDLE phEventLog)
1193 {
1194  NTSTATUS Status;
1195  PSTR pUNCServerName = NULL;
1196 
1197  if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
1198  return STATUS_INVALID_PARAMETER;
1199 
1200  if (UNCServerNameA && (UNCServerNameA->Length != 0))
1201  pUNCServerName = UNCServerNameA->Buffer;
1202 
1203  *phEventLog = NULL;
1204 
1205  RpcTryExcept
1206  {
1207  Status = ElfrRegisterEventSourceA(pUNCServerName,
1208  (PRPC_STRING)SourceNameA,
1209  &EmptyStringA,
1210  1,
1211  1,
1212  (IELF_HANDLE*)phEventLog);
1213  }
1214  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1215  {
1216  Status = I_RpcMapWin32Status(RpcExceptionCode());
1217  }
1218  RpcEndExcept;
1219 
1220  return Status;
1221 }
1222 
1223 HANDLE WINAPI
1224 RegisterEventSourceA(IN LPCSTR lpUNCServerName,
1225  IN LPCSTR lpSourceName)
1226 {
1227  NTSTATUS Status;
1228  HANDLE hEventLog;
1229  ANSI_STRING UNCServerName, SourceName;
1230 
1231  TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
1232 
1233  RtlInitAnsiString(&UNCServerName, lpUNCServerName);
1234  RtlInitAnsiString(&SourceName, lpSourceName);
1235 
1236  Status = ElfRegisterEventSourceA(&UNCServerName, &SourceName, &hEventLog);
1237  if (!NT_SUCCESS(Status))
1238  {
1239  SetLastError(RtlNtStatusToDosError(Status));
1240  return NULL;
1241  }
1242 
1243  return hEventLog;
1244 }
1245 
1246 
1247 /******************************************************************************
1248  * RegisterEventSourceW [ADVAPI32.@]
1249  * Returns a registered handle to an event log
1250  *
1251  * PARAMS
1252  * lpUNCServerName [I] Server name for source
1253  * lpSourceName [I] Source name for registered handle
1254  *
1255  * RETURNS
1256  * Success: Handle
1257  * Failure: NULL
1258  */
1259 NTSTATUS
1260 NTAPI
1261 ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,
1262  IN PUNICODE_STRING SourceNameU,
1263  OUT PHANDLE phEventLog)
1264 {
1265  NTSTATUS Status;
1266  PWSTR pUNCServerName = NULL;
1267 
1268  if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
1269  return STATUS_INVALID_PARAMETER;
1270 
1271  if (UNCServerNameU && (UNCServerNameU->Length != 0))
1272  pUNCServerName = UNCServerNameU->Buffer;
1273 
1274  *phEventLog = NULL;
1275 
1276  RpcTryExcept
1277  {
1278  Status = ElfrRegisterEventSourceW(pUNCServerName,
1279  (PRPC_UNICODE_STRING)SourceNameU,
1280  &EmptyStringU,
1281  1,
1282  1,
1283  (IELF_HANDLE*)phEventLog);
1284  }
1285  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1286  {
1287  Status = I_RpcMapWin32Status(RpcExceptionCode());
1288  }
1289  RpcEndExcept;
1290 
1291  return Status;
1292 }
1293 
1294 HANDLE WINAPI
1295 RegisterEventSourceW(IN LPCWSTR lpUNCServerName,
1296  IN LPCWSTR lpSourceName)
1297 {
1298  NTSTATUS Status;
1299  HANDLE hEventLog;
1300  UNICODE_STRING UNCServerName, SourceName;
1301 
1302  TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
1303 
1304  RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
1305  RtlInitUnicodeString(&SourceName, lpSourceName);
1306 
1307  Status = ElfRegisterEventSourceW(&UNCServerName, &SourceName, &hEventLog);
1308  if (!NT_SUCCESS(Status))
1309  {
1310  SetLastError(RtlNtStatusToDosError(Status));
1311  return NULL;
1312  }
1313 
1314  return hEventLog;
1315 }
1316 
1317 
1318 /******************************************************************************
1319  * ReportEventA [ADVAPI32.@]
1320  */
1321 NTSTATUS
1322 NTAPI
1323 ElfReportEventA(IN HANDLE hEventLog,
1324  IN USHORT EventType,
1325  IN USHORT EventCategory,
1326  IN ULONG EventID,
1327  IN PSID UserSID,
1328  IN USHORT NumStrings,
1329  IN ULONG DataSize,
1330  IN PANSI_STRING* Strings,
1331  IN PVOID Data,
1332  IN USHORT Flags,
1333  IN OUT PULONG RecordNumber,
1334  IN OUT PULONG TimeWritten)
1335 {
1336  NTSTATUS Status;
1337  LARGE_INTEGER SystemTime;
1338  ULONG Time;
1339  ULONG dwSize;
1340  ANSI_STRING ComputerName;
1341  CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1342 
1343  dwSize = ARRAYSIZE(szComputerName);
1344  GetComputerNameA(szComputerName, &dwSize);
1345  RtlInitAnsiString(&ComputerName, szComputerName);
1346 
1347  NtQuerySystemTime(&SystemTime);
1348  RtlTimeToSecondsSince1970(&SystemTime, &Time);
1349 
1350  RpcTryExcept
1351  {
1352  Status = ElfrReportEventA(hEventLog,
1353  Time,
1354  EventType,
1355  EventCategory,
1356  EventID,
1357  NumStrings,
1358  DataSize,
1359  (PRPC_STRING)&ComputerName,
1360  (PRPC_SID)UserSID,
1361  (PRPC_STRING*)Strings,
1362  Data,
1363  Flags,
1364  RecordNumber,
1365  TimeWritten);
1366  }
1367  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1368  {
1369  Status = I_RpcMapWin32Status(RpcExceptionCode());
1370  }
1371  RpcEndExcept;
1372 
1373  return Status;
1374 }
1375 
1376 BOOL WINAPI
1377 ReportEventA(IN HANDLE hEventLog,
1378  IN WORD wType,
1379  IN WORD wCategory,
1380  IN DWORD dwEventID,
1381  IN PSID lpUserSid,
1382  IN WORD wNumStrings,
1383  IN DWORD dwDataSize,
1384  IN LPCSTR *lpStrings,
1385  IN LPVOID lpRawData)
1386 {
1387  NTSTATUS Status;
1388  PANSI_STRING *Strings;
1389  WORD i;
1390 
1391  TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1392  hEventLog, wType, wCategory, dwEventID, lpUserSid,
1393  wNumStrings, dwDataSize, lpStrings, lpRawData);
1394 
1395  Strings = HeapAlloc(GetProcessHeap(),
1396  HEAP_ZERO_MEMORY,
1397  wNumStrings * sizeof(PANSI_STRING));
1398  if (!Strings)
1399  {
1400  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1401  return FALSE;
1402  }
1403 
1404  for (i = 0; i < wNumStrings; i++)
1405  {
1406  Strings[i] = HeapAlloc(GetProcessHeap(),
1407  HEAP_ZERO_MEMORY,
1408  sizeof(ANSI_STRING));
1409  if (Strings[i])
1410  {
1411  RtlInitAnsiString(Strings[i], lpStrings[i]);
1412  }
1413  }
1414 
1415  Status = ElfReportEventA(hEventLog,
1416  wType,
1417  wCategory,
1418  dwEventID,
1419  lpUserSid,
1420  wNumStrings,
1421  dwDataSize,
1422  Strings,
1423  lpRawData,
1424  0,
1425  NULL,
1426  NULL);
1427 
1428  for (i = 0; i < wNumStrings; i++)
1429  {
1430  if (Strings[i] != NULL)
1431  HeapFree(GetProcessHeap(), 0, Strings[i]);
1432  }
1433 
1434  HeapFree(GetProcessHeap(), 0, Strings);
1435 
1436  if (!NT_SUCCESS(Status))
1437  {
1438  SetLastError(RtlNtStatusToDosError(Status));
1439  return FALSE;
1440  }
1441 
1442  return TRUE;
1443 }
1444 
1445 
1446 /******************************************************************************
1447  * ReportEventW [ADVAPI32.@]
1448  *
1449  * PARAMS
1450  * hEventLog []
1451  * wType []
1452  * wCategory []
1453  * dwEventID []
1454  * lpUserSid []
1455  * wNumStrings []
1456  * dwDataSize []
1457  * lpStrings []
1458  * lpRawData []
1459  */
1460 NTSTATUS
1461 NTAPI
1462 ElfReportEventW(IN HANDLE hEventLog,
1463  IN USHORT EventType,
1464  IN USHORT EventCategory,
1465  IN ULONG EventID,
1466  IN PSID UserSID,
1467  IN USHORT NumStrings,
1468  IN ULONG DataSize,
1469  IN PUNICODE_STRING* Strings,
1470  IN PVOID Data,
1471  IN USHORT Flags,
1472  IN OUT PULONG RecordNumber,
1473  IN OUT PULONG TimeWritten)
1474 {
1475  NTSTATUS Status;
1476  LARGE_INTEGER SystemTime;
1477  ULONG Time;
1478  ULONG dwSize;
1479  UNICODE_STRING ComputerName;
1480  WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1481 
1482  dwSize = ARRAYSIZE(szComputerName);
1483  GetComputerNameW(szComputerName, &dwSize);
1484  RtlInitUnicodeString(&ComputerName, szComputerName);
1485 
1486  NtQuerySystemTime(&SystemTime);
1487  RtlTimeToSecondsSince1970(&SystemTime, &Time);
1488 
1489  RpcTryExcept
1490  {
1491  Status = ElfrReportEventW(hEventLog,
1492  Time,
1493  EventType,
1494  EventCategory,
1495  EventID,
1496  NumStrings,
1497  DataSize,
1498  (PRPC_UNICODE_STRING)&ComputerName,
1499  (PRPC_SID)UserSID,
1500  (PRPC_UNICODE_STRING*)Strings,
1501  Data,
1502  Flags,
1503  RecordNumber,
1504  TimeWritten);
1505  }
1506  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1507  {
1508  Status = I_RpcMapWin32Status(RpcExceptionCode());
1509  }
1510  RpcEndExcept;
1511 
1512  return Status;
1513 }
1514 
1515 BOOL WINAPI
1516 ReportEventW(IN HANDLE hEventLog,
1517  IN WORD wType,
1518  IN WORD wCategory,
1519  IN DWORD dwEventID,
1520  IN PSID lpUserSid,
1521  IN WORD wNumStrings,
1522  IN DWORD dwDataSize,
1523  IN LPCWSTR *lpStrings,
1524  IN LPVOID lpRawData)
1525 {
1526  NTSTATUS Status;
1527  PUNICODE_STRING *Strings;
1528  WORD i;
1529 
1530  TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1531  hEventLog, wType, wCategory, dwEventID, lpUserSid,
1532  wNumStrings, dwDataSize, lpStrings, lpRawData);
1533 
1534  Strings = HeapAlloc(GetProcessHeap(),
1535  HEAP_ZERO_MEMORY,
1536  wNumStrings * sizeof(PUNICODE_STRING));
1537  if (!Strings)
1538  {
1539  SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1540  return FALSE;
1541  }
1542 
1543  for (i = 0; i < wNumStrings; i++)
1544  {
1545  Strings[i] = HeapAlloc(GetProcessHeap(),
1546  HEAP_ZERO_MEMORY,
1547  sizeof(UNICODE_STRING));
1548  if (Strings[i])
1549  {
1550  RtlInitUnicodeString(Strings[i], lpStrings[i]);
1551  }
1552  }
1553 
1554  Status = ElfReportEventW(hEventLog,
1555  wType,
1556  wCategory,
1557  dwEventID,
1558  lpUserSid,
1559  wNumStrings,
1560  dwDataSize,
1561  Strings,
1562  lpRawData,
1563  0,
1564  NULL,
1565  NULL);
1566 
1567  for (i = 0; i < wNumStrings; i++)
1568  {
1569  if (Strings[i] != NULL)
1570  HeapFree(GetProcessHeap(), 0, Strings[i]);
1571  }
1572 
1573  HeapFree(GetProcessHeap(), 0, Strings);
1574 
1575  if (!NT_SUCCESS(Status))
1576  {
1577  SetLastError(RtlNtStatusToDosError(Status));
1578  return FALSE;
1579  }
1580 
1581  return TRUE;
1582 }
1583 
1584 NTSTATUS
1585 NTAPI
1586 ElfReportEventAndSourceW(IN HANDLE hEventLog,
1587  IN ULONG Time,
1588  IN PUNICODE_STRING ComputerName,
1589  IN USHORT EventType,
1590  IN USHORT EventCategory,
1591  IN ULONG EventID,
1592  IN PSID UserSID,
1593  IN PUNICODE_STRING SourceName,
1594  IN USHORT NumStrings,
1595  IN ULONG DataSize,
1596  IN PUNICODE_STRING* Strings,
1597  IN PVOID Data,
1598  IN USHORT Flags,
1599  IN OUT PULONG RecordNumber,
1600  IN OUT PULONG TimeWritten)
1601 {
1602  NTSTATUS Status;
1603 
1604  RpcTryExcept
1605  {
1606  Status = ElfrReportEventAndSourceW(hEventLog,
1607  Time,
1608  EventType,
1609  EventCategory,
1610  EventID,
1611  (PRPC_UNICODE_STRING)SourceName,
1612  NumStrings,
1613  DataSize,
1614  (PRPC_UNICODE_STRING)ComputerName,
1615  (PRPC_SID)UserSID,
1616  (PRPC_UNICODE_STRING*)Strings,
1617  (PBYTE)Data,
1618  Flags,
1619  RecordNumber,
1620  TimeWritten);
1621  }
1622  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1623  {
1624  Status = I_RpcMapWin32Status(RpcExceptionCode());
1625  }
1626  RpcEndExcept;
1627 
1628  return Status;
1629 }
1630 
1631 NTSTATUS
1632 NTAPI
1633 ElfFlushEventLog(IN HANDLE hEventLog)
1634 {
1635  NTSTATUS Status;
1636 
1637  RpcTryExcept
1638  {
1639  Status = ElfrFlushEL(hEventLog);
1640  }
1641  RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1642  {
1643  Status = I_RpcMapWin32Status(RpcExceptionCode());
1644  }
1645  RpcEndExcept;
1646 
1647  return Status;
1648 }
EVENTLOG_HANDLE_W
LPWSTR EVENTLOG_HANDLE_W
Definition: eventlogrpc.idl:24
ElfrGetLogInformation
NTSTATUS WINAPI ElfrGetLogInformation(IELF_HANDLE LogHandle, ULONG InfoLevel, PBYTE Buffer, ULONG cbBufSize, PULONG pcbBytesNeeded)
Definition: rpc.c:1144
GetComputerNameA
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
RpcBindingFromStringBindingW
RPC_STATUS WINAPI RpcBindingFromStringBindingW(RPC_WSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:876
OpenEventLogW
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
ElfCloseEventLog
NTSTATUS NTAPI ElfCloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:409
IN
#define IN
Definition: typedefs.h:39
RpcEndExcept
#define RpcEndExcept
Definition: rpc.h:128
RpcBindingFree
RPC_STATUS WINAPI RpcBindingFree(RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:783
pcbBytesNeeded
_In_ DWORD _In_ DWORD _Out_ LPDWORD pcbBytesNeeded
Definition: winsvc.h:424
ElfrBackupELFA
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:787
ElfClearEventLogFileA
NTSTATUS NTAPI ElfClearEventLogFileA(IN HANDLE hEventLog, IN PANSI_STRING BackupFileNameA)
Definition: eventlog.c:285
ElfrReadELW
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:530
ElfReportEventW
NTSTATUS NTAPI ElfReportEventW(IN HANDLE hEventLog, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN USHORT NumStrings, IN ULONG DataSize, IN PUNICODE_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
Definition: eventlog.c:1462
_SID
Definition: ms-dtyp.idl:198
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
hBinding
handle_t hBinding
Definition: ctx_c.c:54
RpcStringFreeW
RPC_STATUS WINAPI RpcStringFreeW(RPC_WSTR *String)
Definition: rpcrt4_main.c:174
_RPC_CLIENT_ID::UniqueThread
ULONG UniqueThread
Definition: eventlogrpc.idl:29
ElfReadEventLogW
NTSTATUS NTAPI ElfReadEventLogW(IN HANDLE hEventLog, IN ULONG ReadFlags, IN ULONG RecordOffset, OUT LPVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded)
Definition: eventlog.c:1106
TRUE
#define TRUE
Definition: types.h:120
ElfrClearELFA
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:762
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
EVENTLOG_HANDLE_A_unbind
void __RPC_USER EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName, handle_t hBinding)
Definition: eventlog.c:79
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
BackupEventLogW
BOOL WINAPI BackupEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:245
RpcStringBindingComposeA
RPC_STATUS WINAPI RpcStringBindingComposeA(RPC_CSTR ObjUuid, RPC_CSTR Protseq, RPC_CSTR NetworkAddr, RPC_CSTR Endpoint, RPC_CSTR Options, RPC_CSTR *StringBinding)
Definition: rpc_binding.c:457
CHAR
char CHAR
Definition: xmlstorage.h:175
ElfrReportEventW
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:724
_RPC_UNICODE_STRING
Definition: msv1_0.h:20
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
HandleToUlong
#define HandleToUlong(h)
Definition: basetsd.h:79
GetEventLogInformation
BOOL WINAPI GetEventLogInformation(IN HANDLE hEventLog, IN DWORD dwInfoLevel, OUT LPVOID lpBuffer, IN DWORD cbBufSize, OUT LPDWORD pcbBytesNeeded)
Definition: eventlog.c:501
ElfrOpenBELW
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:506
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ReadEventLogW
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
ElfrDeregisterEventSource
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
Definition: rpc.c:343
ElfrClearELFW
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:289
ReportEventA
BOOL WINAPI ReportEventA(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCSTR *lpStrings, IN LPVOID lpRawData)
Definition: eventlog.c:1377
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
RPC_WSTR
unsigned short * RPC_WSTR
Definition: rpcdce.h:46
_CLIENT_ID::UniqueProcess
HANDLE UniqueProcess
Definition: compat.h:684
ElfNumberOfRecords
NTSTATUS NTAPI ElfNumberOfRecords(IN HANDLE hEventLog, OUT PULONG NumberOfRecords)
Definition: eventlog.c:548
RpcStringFreeA
RPC_STATUS WINAPI RpcStringFreeA(RPC_CSTR *String)
Definition: rpcrt4_main.c:158
RpcStringBindingComposeW
RPC_STATUS WINAPI RpcStringBindingComposeW(RPC_WSTR ObjUuid, RPC_WSTR Protseq, RPC_WSTR NetworkAddr, RPC_WSTR Endpoint, RPC_WSTR Options, RPC_WSTR *StringBinding)
Definition: rpc_binding.c:510
hEvent
static HANDLE hEvent
Definition: comm.c:54
ElfrOpenBELA
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:897
EVENTLOG_BACKWARDS_READ
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2699
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
ElfrBackupELFW
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:313
ElfOpenBackupEventLogW
NTSTATUS NTAPI ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING BackupFileNameU, OUT PHANDLE phEventLog)
Definition: eventlog.c:797
ElfRegisterEventSourceW
NTSTATUS NTAPI ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING SourceNameU, OUT PHANDLE phEventLog)
Definition: eventlog.c:1261
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:52
ClearEventLogA
BOOL WINAPI ClearEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:305
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
ElfReportEventAndSourceW
NTSTATUS NTAPI ElfReportEventAndSourceW(IN HANDLE hEventLog, IN ULONG Time, IN PUNICODE_STRING ComputerName, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN PUNICODE_STRING SourceName, IN USHORT NumStrings, IN ULONG DataSize, IN PUNICODE_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
Definition: eventlog.c:1586
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
GetOldestEventLogRecord
BOOL WINAPI GetOldestEventLogRecord(IN HANDLE hEventLog, OUT PDWORD OldestRecord)
Definition: eventlog.c:619
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
NumStrings
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
Definition: ndis.h:4751
ElfrCloseEL
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
Definition: rpc.c:333
EmptyStringA
static RPC_STRING EmptyStringA
Definition: eventlog.c:34
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
_ANSI_STRING
Definition: env_spec_w32.h:375
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
lpBuffer
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175
ElfrRegisterEventSourceW
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:474
RpcTryExcept
#define RpcTryExcept
Definition: rpc.h:126
RPC_CSTR
unsigned char * RPC_CSTR
Definition: rpcdce.h:45
EVENTLOG_HANDLE_W_bind
handle_t __RPC_USER EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
Definition: eventlog.c:95
OpenBackupEventLogW
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
WINE_DEFAULT_DEBUG_CHANNEL
WINE_DEFAULT_DEBUG_CHANNEL(advapi)
ElfrOpenELA
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:812
ElfFlushEventLog
NTSTATUS NTAPI ElfFlushEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:1633
ElfrChangeNotify
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
Definition: rpc.c:433
ElfOpenBackupEventLogA
NTSTATUS NTAPI ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA, IN PANSI_STRING BackupFileNameA, OUT PHANDLE phEventLog)
Definition: eventlog.c:693
BackupEventLogA
BOOL WINAPI BackupEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:177
_FileName
Definition: filecomp.c:347
Buffer
Definition: bufpool.h:45
_RPC_STRING
Definition: eventlogrpc.idl:16
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183
ElfChangeNotify
NTSTATUS NTAPI ElfChangeNotify(IN HANDLE hEventLog, IN HANDLE hEvent)
Definition: eventlog.c:646
__RPC_USER
#define __RPC_USER
Definition: rpc.h:65
Status
Status
Definition: gdiplustypes.h:24
ElfReadEventLogA
NTSTATUS NTAPI ElfReadEventLogA(IN HANDLE hEventLog, IN ULONG ReadFlags, IN ULONG RecordOffset, OUT LPVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded)
Definition: eventlog.c:1013
RpcExceptionCode
#define RpcExceptionCode()
Definition: rpc.h:132
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1163
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:595
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
RpcBindingFromStringBindingA
RPC_STATUS WINAPI RpcBindingFromStringBindingA(RPC_CSTR StringBinding, RPC_BINDING_HANDLE *Binding)
Definition: rpc_binding.c:836
ElfOldestRecord
NTSTATUS NTAPI ElfOldestRecord(IN HANDLE hEventLog, OUT PULONG OldestRecordNumber)
Definition: eventlog.c:597
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ElfDeregisterEventSource
NTSTATUS NTAPI ElfDeregisterEventSource(IN HANDLE hEventLog)
Definition: eventlog.c:455
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ElfrOpenELW
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:446
EVENTLOG_HANDLE_W_unbind
void __RPC_USER EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName, handle_t hBinding)
Definition: eventlog.c:134
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2696
NotifyChangeEventLog
BOOL WINAPI NotifyChangeEventLog(IN HANDLE hEventLog, IN HANDLE hEvent)
Definition: eventlog.c:670
WINAPI
#define WINAPI
Definition: msvc.h:6
WORD
unsigned short WORD
Definition: ntddk_ex.h:93
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
cbBufSize
_In_ DWORD _In_ DWORD cbBufSize
Definition: winsvc.h:424
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
SetLastError
#define SetLastError(x)
Definition: compat.h:611
Strings
static const WCHAR Strings[]
Definition: reg.c:35
_CLIENT_ID::UniqueThread
HANDLE UniqueThread
Definition: compat.h:685
GetNumberOfEventLogRecords
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
L
static const WCHAR L[]
Definition: oid.c:1250
EVENTLOG_FULL_INFO
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1136
CloseEventLog
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
ReadEventLogA
BOOL WINAPI ReadEventLogA(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1061
ElfBackupEventLogFileW
NTSTATUS NTAPI ElfBackupEventLogFileW(IN HANDLE hEventLog, IN PUNICODE_STRING BackupFileNameU)
Definition: eventlog.c:222
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ElfRegisterEventSourceA
NTSTATUS NTAPI ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA, IN PANSI_STRING SourceNameA, OUT PHANDLE phEventLog)
Definition: eventlog.c:1190
ReportEventW
BOOL WINAPI ReportEventW(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCWSTR *lpStrings, IN LPVOID lpRawData)
Definition: eventlog.c:1516
dwInfoLevel
_In_ DWORD dwInfoLevel
Definition: winsvc.h:422
_RPC_CLIENT_ID::UniqueProcess
ULONG UniqueProcess
Definition: eventlogrpc.idl:28
EVENTLOG_SEEK_READ
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2697
_CLIENT_ID
Definition: compat.h:682
ERR
#define ERR(fmt,...)
Definition: debug.h:110
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
_UNICODE_STRING
Definition: env_spec_w32.h:368
_RPC_SID
Definition: msv1_0.h:12
FileName
struct _FileName FileName
Definition: fatprocs.h:893
NtCurrentTeb
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
USHORT
unsigned short USHORT
Definition: pedump.c:61
EmptyStringU
static RPC_UNICODE_STRING EmptyStringU
Definition: eventlog.c:33
ClearEventLogW
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
RtlTimeToSecondsSince1970
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
ElfrReadELA
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:940
PSTR
signed char * PSTR
Definition: retypes.h:7
PULONG
unsigned int * PULONG
Definition: retypes.h:1
ElfReportEventA
NTSTATUS NTAPI ElfReportEventA(IN HANDLE hEventLog, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN USHORT NumStrings, IN ULONG DataSize, IN PANSI_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
Definition: eventlog.c:1323
NULL
#define NULL
Definition: types.h:112
DeregisterEventSource
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
Definition: eventlog.c:473
EVENTLOG_FORWARDS_READ
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2698
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
ElfOpenEventLogW
NTSTATUS NTAPI ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING SourceNameU, OUT PHANDLE phEventLog)
Definition: eventlog.c:951
ElfrFlushEL
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
Definition: rpc.c:1196
OpenEventLogA
HANDLE WINAPI OpenEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:919
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
ElfrReportEventA
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:992
ElfOpenEventLogA
NTSTATUS NTAPI ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA, IN PANSI_STRING SourceNameA, OUT PHANDLE phEventLog)
Definition: eventlog.c:885
_LARGE_INTEGER
Definition: typedefs.h:102
ElfrRegisterEventSourceA
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:849
OUT
#define OUT
Definition: typedefs.h:40
LPDWORD
uint32_t * LPDWORD
Definition: typedefs.h:59
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NtQuerySystemTime
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
EventType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:165
OpenBackupEventLogA
HANDLE WINAPI OpenBackupEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpFileName)
Definition: eventlog.c:725
ElfClearEventLogFileW
NTSTATUS NTAPI ElfClearEventLogFileW(IN HANDLE hEventLog, IN PUNICODE_STRING BackupFileNameU)
Definition: eventlog.c:347
_RPC_CLIENT_ID
Definition: eventlogrpc.idl:27
ERROR_INVALID_LEVEL
#define ERROR_INVALID_LEVEL
Definition: winerror.h:196
LogHandle
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
Definition: ndis.h:5381
ElfrNumberOfRecords
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
Definition: rpc.c:353
RegisterEventSourceW
HANDLE WINAPI RegisterEventSourceW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:1295
status
static SERVICE_STATUS status
Definition: service.c:31
FileNameA
static const CHAR FileNameA[]
Definition: PrivMoveFileIdentityW.c:13
EVENTLOG_HANDLE_A
LPSTR EVENTLOG_HANDLE_A
Definition: eventlogrpc.idl:25
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
RegisterEventSourceA
HANDLE WINAPI RegisterEventSourceA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:1224
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:594
DataSize
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4751
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
Time
static PLARGE_INTEGER Time
Definition: time.c:105
EVENTLOG_HANDLE_A_bind
handle_t __RPC_USER EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
Definition: eventlog.c:40
ElfrReportEventAndSourceW
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:1224
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
lpFileName
_In_ LPCSTR lpFileName
Definition: winbase.h:3050
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
ElfBackupEventLogFileA
NTSTATUS NTAPI ElfBackupEventLogFileA(IN HANDLE hEventLog, IN PANSI_STRING BackupFileNameA)
Definition: eventlog.c:154
RpcExcept
#define RpcExcept(expr)
Definition: rpc.h:127
ElfrOldestRecord
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
Definition: rpc.c:402
I_RpcMapWin32Status
LONG WINAPI I_RpcMapWin32Status(RPC_STATUS status)
Definition: rpcrt4_main.c:738
status
Definition: ps.c:97